Attacking (EC)DSA scheme with ephemeral keys sharing specific bits

In this paper, we present a deterministic attack on (EC)DSA signature scheme, providing that several signatures are known such that the corresponding ephemeral keys share a certain amount of bits without knowing their value. By eliminating the shared blocks of bits between the ephemeral keys, we get...

Bibliographic details
Published in: Theoretical computer science Vol. 1001; p. 114578
Main authors: Adamoudis, M., Draziotis, K.A., Poulakis, D.
Format: Journal Article
Language: English
Published: Elsevier B.V 27.06.2024
ISSN: 0304-3975, 1879-2294
Description
Summary: In this paper, we present a deterministic attack on (EC)DSA signature scheme, providing that several signatures are known such that the corresponding ephemeral keys share a certain amount of bits without knowing their value. By eliminating the shared blocks of bits between the ephemeral keys, we get a lattice of dimension equal to the number of signatures having a vector containing the private key. We compute an upper bound for the distance of this vector from a target vector, and next, using Kannan's enumeration algorithm, we determine it and hence the secret key. The attack can be made highly efficient by appropriately selecting the number of shared bits and the number of signatures.
DOI: 10.1016/j.tcs.2024.114578